This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud

December 5, 2025 by No comments

After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you need something to shake you out of that turkey-induced coma, React Server has a single request Remote Code Execution flaw in versions 19.0.1, 19.1.2, and 19.2.1.

The issue is insecure deserialization in the Flight protocol, as implemented right in React Server, and notably also used in Next.js. Those two organizations have both issued Security Advisories for CVSS 10.0 CVEs.

There are reports of a public Proof of Concept (PoC), but the repository that has been linked explicitly calls out that it is not a true PoC, but merely research into how the vulnerability might work. As far as I can tell, there is not yet a public PoC, but reputable researchers have been able to reverse engineer the problem. This implies that mass exploitation attempts are not far off, if they haven’t already started. Continue reading “This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud”

Warnings About Retrobright Damaging Plastics After 10 Year Test

December 5, 2025 by 14 Comments

Within the retro computing community there exists a lot of controversy about so-called ‘retrobrighting’, which involves methods that seeks to reverse the yellowing that many plastics suffer over time. While some are all in on this practice that restores yellow plastics to their previous white luster, others actively warn against it after bad experiences, such as [Tech Tangents] in a recent video.

Uneven yellowing on North American SNES console. (Credit: Vintage Computing)
Uneven yellowing on North American SNES console. (Credit: Vintage Computing)

After a decade of trying out various retrobrighting methods, he found for example that a Sega Dreamcast shell which he treated with hydrogen peroxide ten years ago actually yellowed faster than the untreated plastic right beside it. Similarly, the use of ozone as another way to achieve the oxidation of the brominated flame retardants that are said to underlie the yellowing was also attempted, with highly dubious results.

While streaking after retrobrighting with hydrogen peroxide can be attributed to an uneven application of the compound, there are many reports of the treatment damaging the plastics and making it brittle. Considering the uneven yellowing of e.g. Super Nintendo consoles, the cause of the yellowing is also not just photo-oxidation caused by UV exposure, but seems to be related to heat exposure and the exact amount of flame retardants mixed in with the plastic, as well as potentially general degradation of the plastic’s polymers.

Pending more research on the topic, the use of retrobrighting should perhaps not be banished completely. But considering the damage that we may be doing to potentially historical artifacts, it would behoove us to at least take a step or two back and consider the urgency of retrobrighting today instead of in the future with a better understanding of the implications.

Continue reading “Warnings About Retrobright Damaging Plastics After 10 Year Test”

Off-Grid, Small-Scale Payment System

December 5, 2025 by 10 Comments

An effective currency needs to be widely accepted, easy to use, and stable in value. By now most of us have recognized that cryptocurrencies fail at all three things, despite lofty ideals revolving around decentralization, transparency, and trust. But that doesn’t mean that all digital currencies or payment systems are doomed to failure. [Roni] has been working on an off-grid digital payment node called Meshtbank, which works on a much smaller scale and could be a way to let a much smaller community set up a basic banking system.

The node uses Meshtastic as its backbone, letting the payment system use the same long-range low-power system that has gotten popular in recent years for enabling simple but reliable off-grid communications for a local area. With Meshtbank running on one of the nodes in the network, accounts can be created, balances reported, and digital currency exchanged using the Meshtastic messaging protocols. The ledger is also recorded, allowing transaction histories to be viewed as well.

A system like this could have great value anywhere barter-style systems exist, or could be used for community credits, festival credits, or any place that needs to track off-grid local transactions. As a thought experiment or proof of concept it shows that this is at least possible. It does have a few weaknesses though — Meshtastic isn’t as secure as modern banking might require, and the system also requires trust in an administrator. But it is one of the more unique uses we’ve seen for this communications protocol, right up there with a Meshtastic-enabled possum trap.

Biogas Production For Surprisingly Little Effort

December 4, 2025 by 16 Comments

Probably most people know that when organic matter such as kitchen waste rots, it can produce flammable methane. As a source of free energy it’s attractive, but making a biogas plant sounds difficult, doesn’t it? Along comes [My engines] with a well-thought-out biogas plant that seems within the reach of most of us.

It’s based around a set of plastic barrels and plastic waste pipe, and he shows us the arrangement of feed pipe and residue pipe to ensure a flow through the system. The gas produced has CO2 and H2s as undesirable by-products, both of which can be removed with some surprisingly straightforward chemistry. The home-made gas holder meanwhile comes courtesy of a pair of plastic drums one inside the other.

Perhaps the greatest surprise is that the whole thing can produce a reasonable supply of gas from as little as 2 KG of organic kitchen waste daily. We can see that this is a set-up for someone with the space and also the ability to handle methane safely, but you have to admit from watching the video below, that it’s an attractive idea. Who knows, if the world faces environmental collapse, you might just need it.

Continue reading “Biogas Production For Surprisingly Little Effort”

A mirrorless camera is mounted on a stand, facing downwards toward a rotating microscope stage made of wood. A pair of wires come down from the stage, and a man's hand is pointing to the stage.

Building A Microscope Without Lenses

December 4, 2025 by 4 Comments

It’s relatively easy to understand how optical microscopes work at low magnifications: one lens magnifies an image, the next magnifies the already-magnified image, and so on until it reaches the eye or sensor. At high magnifications, however, that model starts to fail when the feature size of the specimen nears the optical system’s diffraction limit. In a recent video, [xoreaxeax] built a simple microscope, then designed another microscope to overcome the diffraction limit without lenses or mirrors (the video is in German, but with automatic English subtitles).

The first part of the video goes over how lenses work and how they can be combined to magnify images. The first microscope was made out of camera lenses, and could resolve onion cells. The shorter the focal length of the objective lens, the stronger the magnification is, and a spherical lens gives the shortest focal length. [xoreaxeax] therefore made one by melting a bit of soda-lime glass with a torch. The picture it gave was indistinct, but highly magnified. Continue reading “Building A Microscope Without Lenses”

Preventing A Mess With The Weller WDC Solder Containment Pocket

December 4, 2025 by 17 Comments

Resetting the paraffin trap. (Credit: MisterHW)
Resetting the paraffin trap. (Credit: MisterHW)

Have you ever tipped all the stray bits of solder out of your tip cleaner by mistake? [MisterHW] is here with a bit of paraffin wax to save the day.

Hand soldering can be a messy business, especially when you wipe the soldering iron tip on those common brass wool bundles that have largely come to replace moist sponges. The Weller Dry Cleaner (WDC) is one of such holders for brass wool, but the large tray in front of the opening with the brass wool has confused many as to its exact purposes. In short, it’s there so that you can slap the iron against the side to flick contaminants and excess solder off the tip.

Along with catching some of the bits of mostly solder that fly off during cleaning in the brass wool section, quite a lot of debris can be collected this way. Yet as many can attest to, it’s quite easy to flip over brass wool holders and have these bits go flying everywhere.

The trap in action. (Credit: MisterHW)
The trap in action. (Credit: MisterHW)

That’s where [MisterHW]’s pit of particulate holding comes into play, using folded sheet metal and some wax (e.g. paraffin) to create a trap that serves to catch any debris that enters it and smother it in the wax. To reset the trap, simply heat it up with e.g. the iron and you’ll regain a nice fresh surface to capture the next batch of crud.

As the wax is cold when in use, even if you were to tip the holder over, it should not go careening all over your ESD-safe work surface and any parts on it, and the wax can be filtered if needed to remove the particulates. When using leaded solder alloys, this  setup also helps to prevent lead-contamination of the area and generally eases clean-up as bumping or tipping a soldering iron stand no longer means weeks, months or years of accumulations scooting off everywhere.

Build A Pocket-Sized Wi-Fi Analyzer

December 4, 2025 by 8 Comments

Wi-Fi! It’s everywhere, and yet you can’t really see it, by virtue of the technology relying on the transmission of electromagnetic waves outside the visual spectrum. Never mind, though, because you can always build yourself a Wi-Fi analyzer to get some insight into your radio surroundings, as demonstrated by [moononournation].

The core of the build is the ESP32-C5. The popular microcontroller is well-equipped for this task with its onboard dual-band Wi-Fi hardware, even if the stock antenna on most devboards is a little underwhelming. [moononournation] has paired this with a small rectangular LCD screen running the ILI9341 controller. The graphical interface is drawn with the aid of the Arduino_GFX library. It shows a graph of access points detected in the immediate area, as well as which channels they’re using and their apparent signal strength.

If you’re just trying to get a basic read on the Wi-Fi environment in a given locale, a tool like this can prove pretty useful. If your desires are more advanced, you might leap up to tinkering in the world of software defined radio. Video after the break.

Continue reading “Build A Pocket-Sized Wi-Fi Analyzer”